^
 
 

Unit of competency details

ICTSAS524 - Develop, implement and evaluate an incident response plan (Release 1)

Summary

Usage recommendation:
Current
Mapping:
MappingNotesDate
Supersedes and is equivalent to ICTSAS501 - Develop, implement and evaluate an incident response plan 20/Jul/2020

Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 21/Jul/2020

Companion volumes:
Unit of competency Assessment requirements

Delivery:
Find RTOs approved to deliver this unit of competency.

Training packages that include this unit

Qualifications that include this unit

Skill sets that include this unit

Accredited courses that have this unit in the completion mapping

Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 020113 Networks And Communications  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 020113 Networks And Communications  21/Jul/2020 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Content

Compare:
Compare content of this unit of competency with other releases or training components
Download:

Unit of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Application

This unit describes the skills and knowledge required to develop and implement an incident response plan. The results of the incident response plan must be evaluated if they affect the mission of the organisation.

It applies to individuals who apply high-level technical skills and specialised knowledge to provide broad systems administration and support functions.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Systems administration and support

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Prepare to develop an incident response plan

1.1 Identify and document organisational incident response plan requirements

1.2 Identify and document incident response team services according to organisational requirements

1.3 Identify incident response plan structure according to organisational requirements

1.4 Determine and document alignment of organisation’s existing incident response plan against identified requirements

1.5 Submit documentation to required personnel, seek and respond to feedback

2. Develop the incident response plan

2.1 Develop and document incident management policy according to task requirements

2.2 Create incident response plans according to organisational requirements and security policies and procedures

2.3 Develop incident handling and reporting procedures

2.4 Create incident response exercises, red-teaming activities, staffing and training requirements

2.5 Develop procedure for collecting and protecting forensic evidence during incident response procedures according to organisational requirements

2.6 Establish and document incident the response plan

3. Implement the incident response plan

3.1 Apply response actions to reported security incident according to incident response plan and task requirements

3.2 Assist in collecting, processing and preserving evidence according to requirements

3.3 Execute incident response plans, red-teaming activities and incident response exercises

3.4 Document security incident response and actions according to task requirements

3.5 Collect, analyse and report incident management measures according to task requirements

4. Evaluate incident response plans

4.1 Assess and document efficiency and effectiveness of incident response plans activities

4.2 Examine and document effectiveness of red teaming and incident response tests, training and exercises

4.3 Assess effectiveness of communication between incident response team and required internal and external organisations

4.4 Determine and document response improvement activities

4.5 Submit documentation to required personnel and obtain final task sign off

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

S KILL 

DESCRIPTION 

Learning
  • Monitors outcomes of decisions, considering results and identifying key concepts and principles that may be adaptable in the future

Numeracy
  • Interprets, analyses and documents numerical and technical system data
  • Uses mathematical equations to calculate data for technical reports

Oral communication
  • Uses listening and questioning techniques to confirm task requirements and relevant information using succinct language

Reading
  • Analyses textual information and data to determine necessary actions

Writing
  • Prepares required workplace documentation detailing processes and outcomes using cohesive language

Teamwork
  • Uses a variety of relevant communication tools and strategies in building and maintaining effective working relationships
  • Influences and fosters a collaborative culture facilitating a sense of commitment and workplace cohesion
  • Understands diversity and seeks to integrate diversity into the work context for managing change, making decisions and achieving shared outcomes

Planning and organising
  • Monitors and reviews the organisations policies, procedures and adherence to legislative requirements in order to implement and manage change

Self-management
  • Works autonomously, making high-level decisions to achieve and improve organisational goals

Problem solving
  • Develops and implements strategies that ensure organisational policies, procedures and regulatory requirements are met
  • Operates from a broad conceptual plan, developing the operational detail in stages, regularly reviewing priorities and performance during implementation, and identifying and addressing issues

Unit Mapping Information

Supersedes and is equivalent to ICTSAS501 Develop, implement and evaluate an incident response plan.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • determine incident response plan requirements, implement and analyse its application in real-world scenarios and document processes and outcomes on at least one occasion.

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • key features of:
  • organisational business domain
  • industry standard workplace procedures and legislative requirements that are applicable to formulating prevention and recovery strategy
  • industry standard systems engineering methodologies applicable to threat evaluation
  • industry standard backup methodologies
  • industry standard components of business planning process relevant to development of Information and Communications Technology (ICT) business solutions
  • industry standard system functionality for an organisation.

Assessment Conditions

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

  • ICT business specifications and organisational deliverables
  • information on the security environment, including required laws and legislation
  • existing organisational security policies, organisational expertise and knowledge
  • security environment threats
  • risk analysis tools and methodologies
  • ICT security assurance specifications
  • industry standard incident scenarios.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

Back to top